We use the Netgate pfSense firewalls for each location in the same metropolitan area.
We implemented Netgate pfSense at the most basic level, aiming for a reliable firewall solution without incurring the high costs associated with Cisco products.
We use the Netgate pfSense firewalls for each location in the same metropolitan area.
We implemented Netgate pfSense at the most basic level, aiming for a reliable firewall solution without incurring the high costs associated with Cisco products.
Netgate pfSense is a flexible firewall solution. It supports OpenVPN and IPsec, providing various options for establishing secure connections. Additionally, it offers features for monitoring user browsing behavior, enabling administrators to implement restrictions if desired. Overall, pfSense is a versatile platform that can be adapted to meet the needs of different network environments.
Adding new features to pfSense is quick. We select the feature we want and click install.
One feature that pfSense had, which my Cisco PIX firewall lacked, was built-in failover. With the Cisco PIX, if I wanted to implement failover, for instance, if one internet connection went down and I had a backup, I had to purchase additional hardware and a whole other firewall. However, with pfSense, failover configured two ports on the existing box to switch between them if one connection failed.
The security of pfSense is excellent. It effectively prevents unauthorized access. To date, we haven't experienced any security breaches.
pfSense Plus provides a cold spare that helps minimize downtime. In the event of a failure, the other firewall can be activated while the broken one is restored and configured.
We saw the value of pfSense within a few days. Some of it was instant, but other things took time. When we first implemented it, we saw some value, and a few days later, it kept impressing me with more. A week went by, and I still saw more value.
With a firewall, VPN, and other router functionalities, pfSense offers an excellent total cost of ownership. It's a one-time purchase with no hidden fees, making it significantly more affordable than Cisco products, which require additional licensing, subscriptions, support, and per-feature purchases. While pfSense necessitates some time investment to learn and configure, this is comparable to the effort needed for any enterprise-grade solution, including Cisco, which also incurs substantial licensing costs. Overall, pfSense's upfront cost and user's time represent its total cost of ownership.
Netgate pfSense is 100 percent flexible and configurable. We can do anything with it. We have not run into any scenario where it didn't work.
The overall documentation has room for improvement. Currently, we need to search forums for answers, as the official documentation by Netgate is not very helpful. The community support is excellent, and there should be a feedback loop to incorporate missing information from the community forums into the official documentation.
I have been using Netgate pfSense for four years.
I would rate the stability of pfSense ten out of ten.
The scalability of pfSense fits our company requirements.
Based on both my partner's and my experience with technical support, it is excellent.
The user community support is fantastic. It's a large and engaged community where members show genuine interest in one another's questions.
Positive
I switched from Cisco Firewalls to pfSense Firewalls. I had a Cisco PIX, but they started implementing a subscription model where we had to pay for individual features. It was like, if we wanted this feature, it's a dollar. And if we wanted that feature, it's another dollar. I decided I was done with that approach and wanted something different. I like that with Netgate, what we buy is what we get. It's not a subscription model. We can get a support subscription, which is perfectly natural to me, but we don't have to buy or pay extra for every feature. We get what you get.
It was a gradual learning experience, beginning with our initial purchase and installation of a pfSense firewall. Its features impressed us, so we decided to replace another firewall with pfSense to enable failover capabilities. This success led to a broader implementation across our network. It wasn't a planned, calculated rollout; rather, it evolved organically as we replaced outdated firewalls and discovered the benefits of pfSense, particularly its ability to work in tandem with other pfSense devices for enhanced functionality.
The initial deployment takes a couple of hours and can be done by one person.
Netgate pfSense offers good value for its price. I prioritize getting the most out of my money, so I choose pfSense. I don't always seek the cheapest or most expensive option but rather the best value for my investment. With pfSense, I get the most product for every dollar spent.
I would rate Netgate pfSense ten out of ten.
I am one of two IT people in the organization, and we are the only two who can access the pfSense firewalls. We have what will soon be four metropolitan locations that use pfSense.
Other than updating pfSense, no other maintenance is required.
I recommend pfSense to others. It's an awesome product that fits everything we've ever needed, and they don't overcharge for every little license feature.
We use pfSense for IT security and load balancing the internet traffic across our three lines. We also use a package available in pfSense called pfBlocker that blocks some DNS records. For example, it doesn't allow ads to appear on the website. We have a site-to-site VPN with our different sites.
The benefits from pfSense were immediate. We tested pfSense on a third-party machine, and soon after, we purchased a Netgate machine. PfSense prevents data loss by blocking malicious sites or apps with pfBlocker and the Suricata package, which acts as an IPS.
PfSense has multiple WAN ports, helping to reduce downtime. We can set multiple Internet lines. If one line has an issue, we can still access the Internet from the other or communicate with the other sites. We also have a high availability feature with pfSense. For example, if we have two or three pfSense devices, we can have high availability. If one goes down, we can still work with the other one.
The visibility that pfSense has enables us to make data-driven decisions. From the logs, we can see blocked or allowed traffic. We generally see what goes into the firewall and change the rules or configuration.
From the dashboard, we can see the utilization and how our lines behave during working hours. We can see if we need a higher-performance device, a line upgrade, or a feature.
I like pfBlocker and the ability to install more packages from the pfSense console. It's easy to add features, but you can check the user communities and videos if you encounter any difficulties. You have the flexibility to choose VPNs with WireGuard or OpenVPN and make firewall rules. It's easy to create a group with multiple IPs, hostnames, or areas and create a rule for that group.
You can make your own configurations on every module and create custom packages, which makes it more flexible. The dashboard is customizable, so you can create your dashboard based on what you would like to see and have all the data there on the dashboard. You can start and stop everything on the dashboard.
PfSense could better utilize the interface and dashboard and include some packages in the built-in solution. For example, pfSense is sharing some other packages. You have to download and configure them within the package manager of pfSense. Some of those important ones, like the IPS and the monitor, could be installed on the solution's image and configured.
I have used pfSense for four years in business and at home.
I didn't notice any performance issues.
pfSense is scalable.
I rate Netgate support nine out of 10. I have contacted them twice in the last six months, and they responded and resolved my issue quickly.
Positive
We used UniFi UDM, Hillstone, and OPNsense, which is similar to pfSense.
Deploying pfSense is straightforward. It took about an hour to install and configure. After deployment, the only maintenance required is periodically checking for new updates or security fixes.
pfSense's price is excellent and similar to its competitors. It has a low total cost of ownership for all these features.
I rate Netgate pfSense eight out of 10.
I have three firewalls running my entire county and 11 smaller versions of the firewalls doing OpenVPN tunnels to my remote sites through StarLink.
PfSense has been highly flexible, and it's worked out great for us for the most part. The Plus version has support, which we will pay for since it is our edge firewall. I have not had an issue with adding features.
We're doing a lot of OpenVPN tunnels, and some of the fields in the OpenVPN setup on the server side do not lend themselves to multiple sites. It's kind of ugly. It's a big list of allowed IP addresses. I'd much rather see that via the table individually.
The individual firewalls have a single pane of glass view, but we have so many of them. You need to log into each to manage them.
I'm officially about two years into using pfSense and one year in production.
I have not had any crashes happen.
Overall, I've been happy with these firewalls.
I rate Netgate support eight out of 10. They were highly responsive. It was strictly email support. I didn't buy phone support.
We were running a Sophos firewall as the edge router of everything we did, and it wasn't meeting our expectations. I've used Cisco firewalls for most of my career. The Sophos firewall was underpowered and overburdened. It was constantly causing issues, such as filling up the logs and crashing the firewall in the middle of the day. I have not had that issue with the pfSense.
It was harder to order them than it was to deploy them. As a county government, we ran into purchasing issues, but we ultimately managed to make it happen. It took us about three months to deploy all of them. After deployment, you need to update the firewall codes and back it up. That's pretty typical.
PfSense was quite a bit less expensive than some other alternatives, and it's worked as well as we could hope. We have three 1500s and 11 of the 4100s. The total cost of ownership has been pretty beneficial.
We looked at some other options. I'm a Cisco guy, but pfSense firewalls provide more bang for your buck.
I rate Netgate pfSense eight out of 10.
We have a tiny business that uses pfSense to create a secure VPN between our two locations.
It's a reliable platform. We also value pfSense's security features because we have to comply with PCI for credit card payments. We need to be confident that we'll have the security. PfSense offers that.
We realized the benefits of pfSense almost immediately. I read about a company using it and thought it would be the most secure thing. It's a bit daunting at first because you have to configure it. However, they create ISP versions, so you can leave those alone and not configure them. This does the whole thing in one box, whereas, with the ISP thing, you have to think about how many different appliances you'll need to make it work.
I like how easy it is to access VPNs and stuff like that. It's so simple to set up a site-to-site VPN. The solution is flexible enough to do just about anything. It's super easy to configure the features as long as you have the details you need, or you can build out stuff if it lacks what you're after because it has a plugin architecture.
It depends on how you run it, but pfSense can help you prevent data loss. Still, it's more about preventing people from getting in and having the confidence that you won't be compromised. And if you need those extra features, you can always add them and all those things that can monitor what's happening in your website or organization.
The web interface allows you to see bandwidth, how things connect, and much more. PfSense Plus prevents downtime. It has a feature that records everything you do so that if a unit fails, you can swap it out and enter your details, and then it loads your configuration on a new device. PeerSpot Plus provides visibility that enables data-driven decisions. You can set it up to do that if you want it.
They could always make pfSense slightly more user-friendly and modernize the interface a little.
I have used pfSense since 2015, so it's been around nine years.
I've never seen pfSense crash.
It's at the scale that I need it, but you can certainly scale it up to the enterprise level if you want to have a better product. It depends on the hardware.
I rate Netgate support 10 out of 10. I only contacted them once. It was very quick and efficient. I had a sensible solution within five minutes. I couldn't imagine having better support.
Positive
I used some Netgear hardware, but I don't remember the model because it was eight years ago. When I switched to pfSense, I stuck with it because it works reliably.
Deploying pfSense was pretty easy. I'm an IT guy, so I did it myself. After deployment, you need to do some routine maintenance, like upgrading occasionally and checking your file logs. Apart from that, it does everything for you.
They have a free community version and a paid version. The free version works if you are a home user who needs a fixed cost, but that's not my use case.
I rate Netgate pfSense 10 out of 10. I can't think of a way to make it better. Before deploying pfSense, prepare your area and your network. Understand your entire network and what you want to do before you start doing anything then follow the documentation.
I use pfSense as our primary firewall and router. We use several functions of pfSense, including the OpenVPN capabilities for mobile VPN and pfBlocker for DNS blocklisting. We also use Snort for IPS capabilities.
The solution helped us secure the perimeter against vulnerabilities. I'm confident in the team's ability to keep things updated and all the security holes patched. It also has security add-ons like IDS, IPS, etc. We realized the benefits immediately.
My favorite thing about pfSense is its overall stability of the product. It's rock solid and low maintenance. I like that aspect. It doesn't cost much, and it's feature-rich, including mobile VPN, pfBlocker, and IPS. You have the flexibility to deploy it as bare metal or VM.
It's very easy to add features to pfSense and to configure them. The solution's management page offers a single pane of glass view. You can clearly see the various features on the main page, and it isn't difficult to drill down into the other sections for more details.
I can't say which features Plus provides that the community edition doesn't. I only knew that the Plus edition was the path forward. I was previously on a community edition for many years, but I've been on the Plus edition for at least a couple of years now.
One area of improvement would be better communication. They kind of left a lot of people in the dark and misled them about the pfSense Plus Edition. I feel like they automatically switched people over and then followed that up with a required subscription model. That aggravated a lot of customers, including me, but I stuck with it regardless.
I have used pfSense for nearly a decade.
I rate pfSense 10 out of 10 for reliability.
pfSense is highly scalable. The only limitation is the hardware you have behind it. As long as you can upgrade your hardware when you scale, pfSense will be able to support it.
I rate pfSense support nine out of 10. I've typically gotten all the answers I sought when needed. They are highly responsive. I don't think I've ever had to wait more than an hour to get a reply.
Positive
I wasn't involved in deploying pfSense. I maintain an existing one. For maintenance, you just need to periodically update to the latest version of pfSense Plus and maintain the different rulesets, such as firewall, IPS, and pfBlocker rules.
The total cost of ownership of pfSense is rather low. After the recent subscription change, it doesn't cost us more than a couple hundred bucks a year. The only other thing I have to pay for is the business Snort license for the IDaaS IPS functionality.
I rate pfSense nine out of 10. I recommend doing a white box deployment because it's easier on the hardware. I tried pfSense on a Netgate appliance and wasn't impressed with the performance compared to the white box I already had in place. I suggest starting with a spare server you have — Dell, HP, etc.
We primarily use the solution for firewalling, site-to-site VPNs, and VPN management.
We largely needed a good firewall solution. We wanted to find a suitable firewall for our company size and what we're doing with it.
It's open-source and everything is available to me without having to pay subscription fees.
The support with NetGate probably is the most value I've seen from it. They've been really, really helpful. The open-source nature of pfSense, paired with the amount of support we receive, has been great.
The flexibility is great. It does everything I need it to do. The amount of open apps for it is extensive. I was able to help track some networking issues using the pfSense to scan the network.
It's significantly easier than expected to configure the solution and simple to handle add-ons.
pfSense can help prevent data loss. In our environment, things are fairly strict. However, it makes it easy to manage and configure the firewall and handle inter-VLAN routing and firewalls between them.
We do have access to a single pane of glass management. It's easy to review traffic, usage between VLANs, threat monitoring, and user connectivity. I'd have to monitor items separately without this single pane which would make monitoring difficult.
We do use pfSense Plus. It provides us with the features we need to minimize downtime. The updates and everything that comes with it have been great.
The visibility provided allows us to make data-driven decisions. The modules I have access to for network monitoring and management have been very helpful.
We've been able to optimize performance. With NetGate support, I've been able to utilize traffic shaping and performance optimizers.
I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now.
I've used the solution personally for about two years. My company has been using it for about eight years now.
The stability is very good.
We have two locations. I have yet to uncover any scalability limitations.
Support is quick to respond. For the amount we pay a year, the support has paid for itself. I'm very happy with the level of support we get.
Positive
I do have experience with Meraki and NetGate devices. I've used FortiGate devices in the past. The expense and support were not near the quality of pfSense.
The initial setup was easy to set up and straightforward to configure. It did take a moment to learn where each tool set was. However, after that, it's really good. I handled the deployment myself. I was able to implement it within 16 hours.
There isn't really any maintenance; it is pretty much set and forget. I do updates every three months or so and that's it.
90% of the setup was handled in-house; I referred to NetGate support for a few items along the way.
We do pay about $600 a year for NetGate support. pfSense is free, however, NetGate, that made the appliance, charges for a support package. I'm very happy with the quality of service that I get for the price.
We would have paid another $7,000/year for subscription fees if we went anywhere else.
I'd recommend the solution to others. I'd rate it ten out of ten.
I run a company that is a managed service provider. We supply our clients with products and purchase on their behalf. We install pfSense in their offices or main client offices.
What I like most about the product is that it is simple to use. I use it at home and in other locations. It offers great value for money because there are no licensing issues apart from the support package. I don't have to worry about licenses expiring or the firewall not working. The overall security gain is stable and reliable.
Multi-appliance monitoring and management, like a single pane of glass, would be very nice to have. A centralized management console would help us. There might be improvements to the web UI, which could benefit from a new look. It looks a little dated, although everyone knows where the options are.
I have used the solution for four years.
The solution is stable. I'm happy with the stability, I would rate it a nine. I had some minor issues, like hardware power supply failure after two to three years, but it was rock-solid until it failed.
The solution is pretty much scalable. I would say nine, although I'm not sure why.
I used their support about two times. I don't need much support, as I've managed to fix everything by myself. I would rate it ten because they went above and beyond expectations.
Positive
Sophos was used in some cases. Some clients require products which are used in their other offices.
The initial setup takes about one hour. It is fairly simple and sometimes only takes half an hour, depending on what needs to be done.
We implemented it in-house with one person.
Because we are familiar with the product, the ROI is between ten to twenty percent. We have been saving by having a stable, well-known product.
I estimate it to be between four or five, something like that. I cannot say it is cheap, but it is not expensive either, so let's say three or four.
I usually advise having a solid firewall with a low cost of ownership, which is why I rate it nine. There's room for improvement, as I would love to have more control over the packets. Overall, I would rate the product nine out of ten.
I use the solution in my home. It's my firewall, DNS server, DHCP server, intrusion detection server, and reverse proxy server.
The solution's web interface is very feature-rich and well-supported. There's a large community of users out there you can get to. There are many things that I'm not using at the time. It's got great support for VPNs. One of the ways that I'm using it is for VPN support as well. Netgate pfSense is a great product.
Netgate pfSense is an extremely flexible solution.
You'll see the benefits of Netgate pfSense immediately after you deploy it. The more features you use, the more benefits you get from it. I'm using the tool for VLAN support. That was something I implemented first, and it completely changed the way I was using my network. That was a real game-changer because it provided greatly enhanced security for my network and reduced the complexity of my network.
The firewall, the intrusion detection service, the VPN support, and VLAN support keep me from getting hacked and possibly having problems with ransomware and potential data loss.
pfSense Plus provides features that help us minimize downtime. You can create copies of different environments that you set up. If you want to try a setting but want to be protected from loss and downtime, you can create a copy of your current working environment.
You should try adding the new change to your pfSense configuration. If that doesn't work, you can easily go back to the working configuration with just a simple change from within the web interface. It also does automatic backups of its configuration.
The visibility of pfSense Plus helps us optimize performance. You can overcome latency issues through traffic shaping. I previously had buffer bloat issues, which I don't have currently.
If you have a slower connection, you can use traffic shaping limiters and priority queues to ensure that your VoIP traffic, internet TV traffic, or streaming traffic has enough guaranteed bandwidth. In my case, my broadband connection is wide enough, and I do not have to really use those features.
The cost of ownership of Netgate pfSense with the hardware cost was about $ 350.
It would be nice for the code optimization to run on even slower processes. It's optimized quite a bit, but there's always room for improvement.
I have been using Netgate pfSense for two years.
We haven’t faced any issues with the solution’s stability.
From my point of view, the solution's initial setup is pretty easy. Many YouTube videos are out there to help you get it up and running. There's a lot to try, a lot of things to do, and a lot of technology to play with, but I'm afraid I'm a bit of a tinkerer. To do what I initially wanted, I probably spent a day.
I would like to see the solution's price reduced.
There is some complexity to adding features to pfSense and configuring them. I would not say it's extremely complex, but it's got a high degree of complexity.
The website is all you need to configure Netgate pfSense. If you choose to, you can use its SSH terminal interface, but that's not something that most users would do. I would think they would stick with its fully developed, mature web interface.
The solution by itself does not need any maintenance. However, if you use the incursion detection plugins, you need to make sure that those are tuned properly. That involves periodic checks and possible adjustments. New users should be prepared to learn, read the manual, and utilize YouTube resources. It'll be worth it.
Overall, I rate the solution ten out of ten.